Yesterday, Microsoft revealed that the company has been working with the US Justice system to seize malicious domains to prevent scammers from taking advantage of people affected by the coronavirus pandemic.
Recently, Microsoft observed cyberattacks targeting people who were left vulnerable by the coronavirus pandemic. Microsoft noted that these activities were just another form of business email compromise (BEC) attack. In this case, BEC attacks claimed to provide financial relief to companies and used terms like “COVID-19 Bonus” to attract users into clicking on the phishing link. Once the user clicks on the link, they were taken to a web app that looked genuine but allowed the attackers to collect personal information. These attacks have grown in the past few years and according to the FBI's 2019 cybercrime report, last year BEC attacks cost users over $1.7 billion in losses.
In case you're not familiar, BEC attacks are usually targeted at business and non-profit organizations. The attack includes sending genuine-looking emails like invoices, payments, etc to collect personal information including bank details and login credentials from the victim.